Merge remote-tracking branch 'lass/master'
This commit is contained in:
commit
c5a11854c5
|
@ -77,6 +77,28 @@ in
|
|||
tinc.pubkey_ed25519 = "KhOetVTVLtGxB22NmZhkTWC0Uhg8rXJv4ayZqchSgCN";
|
||||
};
|
||||
};
|
||||
fatteh = {
|
||||
nets.retiolum = {
|
||||
aliases = [ "fatteh.r" "fatteh.kmein.r" ];
|
||||
ip4.addr = "10.243.2.77";
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAoK5mMjFxzogpeg5H0pG224gqjknz3/s0iNqGTwsnuscw2HSBDQLi
|
||||
o3J2Py6tD4pdRlLwAEMewwl/vt8/Um90OFkGCnedQXd/06TzxtYSRONYkCeJ7YIk
|
||||
qxaV9w/KpSFmufR0R284KjAnydP5AIzRQH1fZNNLnxEbaoEkh00J5JrEcFncLd8i
|
||||
8y62ZxnMeD4lzdmn2+dSie3z0cDMWGaGmzFB4ejlD6BmRhQ2TttHSuOaskf7UHv9
|
||||
dywNp3Mm2S1TWzQrDOfWal1OOoct+3aTpruYDrOkP375z4wueonIaI+Zpnd3HbyQ
|
||||
MaosPFFMy330KEWtfJgrX8gPoJDryURqZ5Nlt5fdOmy23ztqPiZowFfGeKDbjl3n
|
||||
i/xMDpgASnyFMZRryh5gqp3Fewzx2EkhLd2y3TFtcZVLrFCsR3m7Pg4IerKi1VuI
|
||||
N0ibCWoScWqV4EHJEcLoXe2tLmZa6fReKkbuJce1oLVINZnUtLNCNM0ogTDFe9Fc
|
||||
X7YAl5TmqOI+HnOnWFez+IJyoIExRAHuLwnWvfh1OGIpsTGRL2NXZbUp8Reh3FQ1
|
||||
8oAoMbQf+z/Wi7ftXc7V3h5WEJJ0kiF8wAUAcUAhOeun3bq7VGyX62ckD+FFJpRe
|
||||
FyxedTdfoU2+94Cx5Ah9I970VG8sdl6Byp0tQCAd8GX9IuJoSCCbtWMCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.pubkey_ed25519 = "INp2fKLFIjkGnUGhd+J4X2io3MH9T158d6JYZv3pQ/B";
|
||||
};
|
||||
};
|
||||
makanek = {
|
||||
nets.retiolum = {
|
||||
aliases = [
|
||||
|
|
|
@ -23,7 +23,6 @@
|
|||
|
||||
<stockholm/krebs/2configs/container-networking.nix>
|
||||
<stockholm/krebs/2configs/syncthing.nix>
|
||||
<stockholm/krebs/2configs/news-host.nix>
|
||||
|
||||
### shackspace ###
|
||||
# handle the worlddomination map via coap
|
||||
|
|
|
@ -23,7 +23,6 @@ in {
|
|||
{ mail = "krebstel-1difh7483axpiaq92ghi14r5cql822wbhixqb0nn3y3jkcj0b785@ni.r"; }
|
||||
{ mail = "lass@green.r"; }
|
||||
tv
|
||||
xkey
|
||||
];
|
||||
spam-ml = [
|
||||
lass
|
||||
|
|
|
@ -20,9 +20,7 @@ let
|
|||
};
|
||||
|
||||
imp = {
|
||||
services.redis = {
|
||||
enable = true;
|
||||
};
|
||||
services.redis.servers.go.enable = true;
|
||||
|
||||
krebs.htgen.go = {
|
||||
port = cfg.port;
|
||||
|
|
|
@ -43,6 +43,14 @@ in {
|
|||
fi
|
||||
'';
|
||||
};
|
||||
hostname = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
hostname of the container,
|
||||
his is continously checked by ping and the container is restarted if unreachable
|
||||
'';
|
||||
default = config.name;
|
||||
};
|
||||
};
|
||||
}));
|
||||
};
|
||||
|
@ -68,6 +76,8 @@ in {
|
|||
serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" ctr.startCommand;
|
||||
unitConfig.X-StopOnRemoval = false;
|
||||
};
|
||||
# get rid of stateVersion not set warning;
|
||||
system.stateVersion = config.system.nixos.release;
|
||||
};
|
||||
autoStart = false;
|
||||
enableTun = true;
|
||||
|
@ -110,8 +120,8 @@ in {
|
|||
set -efux
|
||||
consul lock sync_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-sync" ''
|
||||
set -efux
|
||||
if ping -c 1 ${ctr.name}.r; then
|
||||
nice --adjustment=30 rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --timeout=30 --inplace --sparse container_sync@${ctr.name}.r:disk "$HOME"/disk.rsync
|
||||
if ping -c 1 ${ctr.hostname}; then
|
||||
nice --adjustment=30 rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --timeout=30 --inplace --sparse container_sync@${ctr.hostname}:disk "$HOME"/disk.rsync
|
||||
touch "$HOME"/incomplete
|
||||
nice --adjustment=30 rsync --inplace "$HOME"/disk.rsync "$HOME"/disk
|
||||
rm -f "$HOME"/incomplete
|
||||
|
@ -153,7 +163,7 @@ in {
|
|||
export payload
|
||||
if [ "$(jq -rn 'env.payload | fromjson.host')" = '${config.networking.hostName}' ]; then
|
||||
# echo 'we are the host, trying to reach container'
|
||||
if $(retry -t 10 -d 10 -- ping -q -c 1 ${ctr.name}.r > /dev/null); then
|
||||
if $(retry -t 10 -d 10 -- ping -q -c 1 ${ctr.hostname} > /dev/null); then
|
||||
# echo 'container is reachable, continueing'
|
||||
continue
|
||||
else
|
||||
|
@ -237,8 +247,8 @@ in {
|
|||
/run/current-system/sw/bin/nixos-container start ${ctr.name}
|
||||
# wait for system to become reachable for the first time
|
||||
systemctl start ${ctr.name}_watcher.service
|
||||
retry -t 10 -d 10 -- ping -q -c 1 ${ctr.name}.r > /dev/null
|
||||
while systemctl is-active container@${ctr.name}.service >/devnull && ping -q -c 3 ${ctr.name}.r >/dev/null; do
|
||||
retry -t 10 -d 10 -- ping -q -c 1 ${ctr.hostname} > /dev/null
|
||||
while systemctl is-active container@${ctr.name}.service >/devnull && ping -q -c 3 ${ctr.hostname} >/dev/null; do
|
||||
consul kv put containers/${ctr.name} "$(jq -cn '{host: "${config.networking.hostName}", time: now}')" >/dev/null
|
||||
sleep 10
|
||||
done
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ lib, pkgs, stockholm, ... }:
|
||||
with (builtins.trace (lib.attrNames stockholm) stockholm).lib;
|
||||
{ pkgs, stockholm, ... }:
|
||||
with stockholm.lib;
|
||||
|
||||
rec {
|
||||
{
|
||||
generators = {
|
||||
command_hook = commands: {
|
||||
pattern =
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 59aa5d0e41cf4a6d4356673feb1adbd0fcf68936
|
||||
Subproject commit a6c7ecd8ba90c1eb2515cb235d85649295848e68
|
Loading…
Reference in a new issue